[Feat] Support downstream authentication

Imported Google Group message. Import Date: 2016-01-19 21:24:45 +0000.
Sender: Dan Turner.
Date: Wednesday, 23 September 2015 09:30:19 UTC+1.

Hello,

We have a number of internal APIs that are currently locked down using a relatively static and shared API key. We would like to expose these more broadly behind Tyk and use Tyk’s built-in authentication mechanisms to give us finer-grained API keys for new consumers that can be individually revoked. The problem is, Tyk doesn’t appear to support authenticating itself against the downstream API. Am I mistaken on this? If not, is this something you have/might consider?

Imported Google Group message.
Sender: Dan Turner.
Date: Wednesday, 23 September 2015 09:33:35 UTC+1.

I see that there’s this idea of “header transforms”? They seem to have to be defined per individual endpoint; is there any way of configuring one globally for the whole downstream API?

https://tyk.io/dashboard-v0-9/plugins/header-transforms/

Imported Google Group message.
Sender: Martin Buhr.
Date: Wednesday, 23 September 2015 13:41:35 UTC+1.

This is in our roadmap.

In the meantime you can use wildcards (empty curly braces: {}) to define catch-alls for header transforms (on a per resource basis - less work) to inject an authenticated header.

Alternatively you could just use a middleware JS script as they run on all requests to add a header.

Cheers,
Martin
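
The second suggestion above, a middleware JS script that adds a header on every request, could look like the following. This is an added example, not code from the thread or from the Tyk project; the header names, the placeholder secret and the helper name `injectUpstreamAuth` are assumptions, and the `TykJS` calls follow Tyk's JSVM middleware API.

```javascript
// Added example: Tyk JSVM middleware that authenticates the gateway to the upstream API.
// Assumed (not from the thread): both header names, the placeholder secret,
// and the names injectUpstreamAuth / upstreamAuthMiddleware.
var UPSTREAM_AUTH_HEADER = "X-Internal-Api-Key";     // header the internal API checks
var CONSUMER_AUTH_HEADER = "Authorization";          // header consumers send their Tyk key in
var UPSTREAM_SHARED_KEY = "REPLACE_WITH_SHARED_KEY"; // placeholder, supplied at deploy time

// Pure function over the JSVM request object so it can be tested outside the gateway.
function injectUpstreamAuth(request) {
    request.SetHeaders = request.SetHeaders || {};
    request.DeleteHeaders = request.DeleteHeaders || [];

    // Set unconditionally, regardless of what the client sent in this header.
    request.SetHeaders[UPSTREAM_AUTH_HEADER] = UPSTREAM_SHARED_KEY;

    // Keep the consumer's own Tyk key from being forwarded to the upstream service.
    // Skipped when both sides use the same header name, since the set above replaces it.
    if (CONSUMER_AUTH_HEADER.toLowerCase() !== UPSTREAM_AUTH_HEADER.toLowerCase() &&
        request.DeleteHeaders.indexOf(CONSUMER_AUTH_HEADER) === -1) {
        request.DeleteHeaders.push(CONSUMER_AUTH_HEADER);
    }
    return request;
}

// Registration with Tyk; skipped when the file is loaded outside the gateway.
// The variable name must match the middleware name configured in the API definition.
if (typeof TykJS !== "undefined") {
    var upstreamAuthMiddleware = new TykJS.TykMiddleware.NewMiddleware({});
    upstreamAuthMiddleware.NewProcessRequest(function (request, session) {
        return upstreamAuthMiddleware.ReturnData(injectUpstreamAuth(request), session.meta_data);
    });
}
```

Because the shared key lives in the script, the middleware file needs the same access controls as any other secret, and the upstream API should only be reachable through the gateway.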